"Quantum cookie" attacks are plausible but only in highly limited cases.

One of the more intriguing revelations in the most recent leak of NSA documents is the prospect that the spy agency is using browser cookies from Yahoo, Hotmail or the Google-owned DoubleClick ad network to decloak users of the Tor anonymity service.

One slide from a June 2012 presentation titled "Tor Stinks" carried the heading "Analytics: Cookie Leakage" followed by the words "DoubleclickID seen on Tor and nonTor IPs." The somewhat cryptic slide led to rampant speculation on Twitter and elsewhere that the NSA and its British counterpart, the Government Communications Headquarters (GCHQ), are able to bypass Tor protections by somehow manipulating the cookies Google uses to track people who have viewed DoubleClick ads. Principal volunteers with the Tor Project believe such a scenario is "plausible," but only in limited cases. Before explaining why, it helps to discuss how such an attack might work.

As documented elsewhere in the "Tor Stinks" presentation, the spy agencies sometimes use secret servers that are located on the Internet backbone to redirect some targets to another set of secret servers that impersonate the websites the targets intended to visit. Given their privileged location, the secret backbone nodes, dubbed "Quantum," are able to respond to the requests faster than the intended server, allowing them to win a "race condition." Government spies can't track cookies within the Tor network, because traffic is encrypted during its circuitous route through three different relays. But if the spies can watch the Internet backbone, they may be able to grab or manipulate cookies once the data exits Tor and heads toward its final destination.

A slide later in the deck refers to something called "QUANTUMCOOKIE," which purportedly "forces clients to divulge stored cookies." There are multiple ways to interpret such a vague bullet point. One of the more plausible is that the Quantum backbone servers can be used to serve cookies not just from DoubleClick or Google, but from Yahoo, Hotmail, or any other widely used Internet service.

Significant constraints

For dissidents of repressive governments, corporate or government whistleblowers, investigative journalists, and other Tor users, the prospect of being outed by a tracking cookie sounds scary. But based on the details included in the slides, it appears there are significant constraints on such attacks.

For one thing, as a separate slide instructed: "Use cookies to identify Tor users when they are not using Tor." Bullet points immediately below read:

Current: preliminary analysis shows that some cookies "survive" Tor use. Depends on how target is using Tor (Torbutton/Tor Browser Bundle clears out cookies).

Goal: test with cookies associated with CT targets
— Idea: what if we seeded cookies to a target?
— Investigate Evercookie persistence

The effect of dropping the old toggle model, as well as additional improvements that more carefully delete all cookies when the Tor Browser Bundle is closed, is that the attacks described above, using cookies from DoubleClick or other services, are in most cases not possible.

"The key point here is that it doesn't matter now if you can trick the browser into revealing its cookie anymore," Roger Dingledine, the lead Tor developer who often goes by the handle "arma," wrote in an e-mail to Ars. "Back when we used the 'toggle' model, you might have a cookie on your browser that was created when you were in 'not using Tor' mode. That cookie is really dangerous if they can get a hold of it while you're using Tor, because it links you to your 'non-Tor' identity. Now that the toggle model is gone, and Tor Browser is really good about clearing cookies when you close it, then tricking Tor Browser into telling you about its (temporary, session-only, only gotten over Tor) cookies is much less dangerous."

One possible exception that Tor users should be aware of is the risk that comes when they log in to Hotmail, Gmail, or another service, even when running the most recent version of the Tor Browser Bundle. Until users log out and either close the browser or enable the "new identity" function, an attack mounted by a Quantum node might be able to redirect them to an imposter site that's able to retrieve a cookie set by the currently logged-in service.

To recap, here's how a cookie-based attack might work against someone using the old Tor software, based on a scenario offered by Dingledine:

Let's say there's a website, http://guardian.co.uk/, and the adversary wants to learn the identities of users who visit it over Tor and ask for a certain document.

Let's also suppose that the adversary can install their "Quantum" box on the Internet quite close to the Guardian webserver.

And we have Alice, our anonymous Tor user who uses Firefox and Torbutton in the old "Tor enabled" mode.

She clicks on the URL for her document, and her request is tunneled through the Tor network. Her Tor exit relay makes a Web request on her behalf to the Guardian website, but Quantum sees the Web request and answers it before the real Guardian website can answer.

Quantum's answer consists of an HTTP redirect that makes Alice's browser think the website has asked her to load Hotmail and Yahoo. So she does, over Tor.

But in the old toggle model, what if she still had some old cookies lying around, back from when she had Tor disabled and was browsing normally? If she's a Yahoo user or a Hotmail user, then when her browser connects to those sites it will happily send her login cookie. The adversary then goes to whichever one(s) worked and asks them for subscriber information about the user they originally gave that login cookie to. Bad news for Alice.
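The scenario above, together with the "still logged in over Tor" exception described earlier, modelled as an added example (not code from the article or the Tor Project). It uses Python's standard cookie jar so the real domain and path matching rules decide what the browser would send; the hostnames and cookie values are constructed.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed sample: a login cookie as a service might set it (values made up).
LOGIN_URL = "https://login.yahoo.com/"
LOGIN_SET_COOKIE = "YLS=alice-login-token; Domain=.yahoo.com; Path=/"
# Where the forged redirect in the scenario sends the browser.
REDIRECT_TARGET = "https://mail.yahoo.com/"


class _SetCookieResponse:
    """Minimal stand-in for an HTTP response carrying Set-Cookie headers,
    just enough for CookieJar.extract_cookies()."""

    def __init__(self, set_cookie_headers):
        self._headers = Message()
        for value in set_cookie_headers:
            self._headers["Set-Cookie"] = value

    def info(self):
        return self._headers


def store_login_cookie(jar, url=LOGIN_URL, set_cookie=LOGIN_SET_COOKIE):
    """Record the cookie a login response set, applying the jar's policy."""
    jar.extract_cookies(_SetCookieResponse([set_cookie]), Request(url))


def cookies_sent_to(jar, url):
    """Names of the cookies the browser would attach to a request for url."""
    req = Request(url)
    jar.add_cookie_header(req)
    header = req.get_header("Cookie")
    if not header:
        return []
    return sorted(part.split("=", 1)[0].strip() for part in header.split(";"))


def toggle_model():
    """Old Torbutton 'toggle' model: one browser, one jar shared by both modes."""
    jar = CookieJar()
    store_login_cookie(jar)                 # Alice logs in with Tor disabled
    # Later she toggles Tor on and follows the forged redirect: the stale
    # login cookie goes out over Tor and links the circuit to her account.
    return cookies_sent_to(jar, REDIRECT_TARGET)


def tor_browser_model():
    """Current model: everyday browsing lives in a different browser (its own
    jar); Tor Browser starts empty and drops session cookies on exit or
    New Identity. Returns the cookie names sent in three states."""
    normal_jar = CookieJar()
    store_login_cookie(normal_jar)          # login in the everyday browser
    tor_jar = CookieJar()                   # fresh Tor Browser session
    fresh = cookies_sent_to(tor_jar, REDIRECT_TARGET)
    # The exception the article notes: Alice logs in over Tor and keeps browsing.
    store_login_cookie(tor_jar)
    logged_in = cookies_sent_to(tor_jar, REDIRECT_TARGET)
    # Closing the browser or choosing New Identity discards session cookies
    # (no Expires attribute, so the jar marks them discardable).
    tor_jar.clear_session_cookies()
    after_new_identity = cookies_sent_to(tor_jar, REDIRECT_TARGET)
    return fresh, logged_in, after_new_identity


if __name__ == "__main__":
    print("toggle model sends:", toggle_model())
    print("Tor Browser model sends:", tor_browser_model())
```

The toggle model sends the stale login cookie; the current model sends nothing unless the user is logged in during the same Tor session, and nothing again once session cookies are cleared.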

Still a lot of work to do

Bottom line: nothing in the slides suggests that the cookie attacks threaten Tor users who run up-to-date software and follow the best-practice advice repeatedly offered by Tor volunteers. Of course, it's possible the NSA and GCHQ have other techniques. Chief among them is the use of Quantum servers to redirect Tor users to sites that exploit security vulnerabilities to surreptitiously install malware on their computers. Such attacks have long been recognized as a risk, but they come at a cost to spy agencies, since success requires the availability of a vulnerability in a current version of the software that can be exploited with no indication to the end user. That requirement makes it harder for agents to carry out the attacks against large numbers of targets.

"Looking over the rest of the slides, they seem to be asking some of the right questions, but they don't seem to have any more answers than we do in the academic research community—and in many cases the papers at http://freehaven.net/anonbib/ provide significantly better answers than these slides do," Dingledine wrote. "Or said more clearly, we still have a lot of work to do to make Tor both safe and usable, but we don't have any new work based on these slides."

So the lesson here is to keep a separate OS install (run from disc or something to that effect) where you only browse through TOR and clear cookies on exit. This sort of attack seems to require the user to surf using TOR and then continue surfing in the clear using the same browser without clearing cookies.

If you're very security conscious, I don't see what you'd really use the non-TOR install/machine for at all. Given that we know that the NSA is quite cunning and has deep access to critical internet infrastructures, it seems safest to assume that you're never able to really let your guard down. The price of having to constantly re-log into forum accounts and such seems small compared to the reduction in chances for operator error (logging in on the wrong machine, over-browsing, etc.) for a security conscious individual. Plus, if the government is knowingly targeting you directly, they've shown in the past that they can get malware to jump from internet machines to exclusively offline ones (see Stuxnet/Flame combo).

I don't really use TOR, but I do run separate browsers for different tasks, using Chrome to access my cloud (Google, etc.) accounts, but browsing on FF w/the usual privacy extensions installed (NS, ABP, Ghostery, etc.). I'm pretty sure that's best practice for TOR usage too, to use a separate TOR browser from your usual environment. I suppose going the extra step and having a whole separate environment (VM or an entirely separate machine) is best, but for just run of the mill privacy, that seems extreme.

As for always being on TOR, isn't that a major performance hit for heavy traffic? Also, I thought it was bad manners to torrent and fileshare over TOR?

I doubt that Google can help get packets to the "real" servers any faster, or fast enough (physics!), but I wonder if their QUIC protocol could help mitigate these methods. When I first read of these QUANTUM servers, that was one of my early thoughts. (Right after "oh, shit!" and "well, we knew they were on the backbone, so ... oh, shit!") It's about a bit more than speed, as it uses UDP and, apparently, SSL/TLS-style encryption. But I don't know enough about QUIC, or the rest of this mess, to sort that out.

I also wonder, now, if Google had motivations beyond "making the web faster."

Can I even trust new protocols coming from Google? They are one of the companies willingly cooperating with the NSA. For all I know, QUIC will be the new Dual EC_DRBG.

Every guide for using TOR I have seen implores the user to disable javascript, cookies and plugins, and to use a separate browser. If someone isn't sticking to those recommendations and engages in illegal behavior, they're just asking to get caught.

Can I even trust new protocols coming from Google? They are one of the companies willingly cooperating with the NSA. For all I know, QUIC will be the new Dual EC_DRBG.

Not that the end result is any different but I've not heard anything that would suggest they are cooperating "willingly". As far as I know, Google and many others have only cooperated where legally required. Regardless of whether or not you think the laws requiring compliance are legit or a complete overreach of power (hint: I think it's the second one) it's not the same as any of these companies doing it willingly.

If you meant "willingly" as in "they didn't shut down a-la Lavabit rather than grant access to data of interest", then yeah, I guess that's accurate. I just don't think it's accurate to paint many companies as eager collaborators because they complied with (secret or otherwise) court orders for information. It distracts from the fact that it's the federal agencies and the lawmakers who enable them that let it get to this point. It's rarely some company volunteering private data to anyone that asks for it.

Well, in that sentence the author was very clever. This kind of attack can be carried out by oppressive governments like Iran and China. Obviously, the NSA does not even care about pedophiles, whistle blowers and much less about journalists.

Pedophile networks are the objective of the FBI and they do their own hacker job. As for dissidents and journalists, in the context of the NSA and FBI, it does not even make sense to talk about that in the USA.

However, the FBI can and should investigate journalists who leak sensitive information about some undercover operation when the leak puts the operation and the agents involved at risk. In such a scenario, the investigation is more than justified. Even then, I have not heard about any arrest or torture of journalists in the US since ... never.

Still, I do not get the point of using Tor in the USA, unless the objective is to enhance privacy against any server that tracks users or to circumvent private censorship in public forums, just like Ars Technica does when it tracks and censors users. From that point of view, Ars Technica should instead be interested in doing the same thing against Tor users.

So, my impression is that the author wants to spread fear, uncertainty and doubt about the NSA, just because of the oblivious context where that sentence was written. It sounds misleading, yes.

Are you really this naive? Think about journalists trying to reveal some high level government corruption case. Now imagine what options there are when an intelligence agency becomes aware of this.

Obviously since you've never heard of (a journalist reporting on) mistreatment of American journalists, that logically means it does not exist, nor will it ever, even if infrastructure is built to make it possible and completely undetectable in the future.

I'll add that it's easy to see by logical deduction why nobody should be angry that NSA is serving misdirects and exploits to circumvent anonymity on the net. Consider the following reductio ad absurdum:

I. Complete control over citizen internet usage (and access to information) is a tool of governmental oppression
II. Circumventing anonymity, illegally if need be, on the net enables completely controlling citizen internet usage
I&II -> Therefore a government attempting such might be called an oppressive government
III (Ax I). The American government is not an oppressive government, which is a contradiction. Therefore premise I must be mistaken.

Every guide for using TOR I have seen implores the user to disable javascript, cookies and plugins, and to use a separate browser. If someone isn't sticking to those recommendations and engages in illegal behavior, they're just asking to get caught.

One easy step further - install a copy of "Portable Firefox" in a different directory. This will not blend with any normal FF activity (can even be installed on a USB thumbdrive, etc). One can tweak that portable install and lock it down all you want (don't install flash, etc).

Can I even trust new protocols coming from Google? They are one of the companies willingly cooperating with the NSA. For all I know, QUIC will be the new Dual EC_DRBG.

The lack of openness from Google wouldn't bother me if they hadn't complained so much about the Govt. not being transparent about the FISA requests. What's good for the goose is good for the gander right?

So the lesson here is to keep a separate OS install (run from disc or something to that effect) where you only browse through TOR and clear cookies on exit. This sort of attack seems to require the user to surf using TOR and then continue surfing in the clear using the same browser without clearing cookies.

Or just use the TOR Browser Bundle for TOR related stuff and a totally separate browser like Chrome for the other stuff, as I do.

Cookies are little random lines of text that allow websites and banks to recognize their users. Advertisers use cookies to recognize the users who've seen ads. The NSA doesn't need to alter Google cookies to benefit from them, they just need to read them. IF, and that's a BIG IF, the NSA is buying ads, they could be putting their own cookies on a user's computer for tracking, which would be much easier than trying to use google or yahoo cookies.

... Brossard’s backdoor tool, dubbed Rakshasa, needs to be installed into the BIOS chip on a PC’s motherboard, on which the main processor and other core components are mounted. A computer’s BIOS chip contains the first code, known as firmware, which a computer runs when it is powered on to start the process of booting up the operating system. Brossard also found he could hide his malicious code inside chips of other hardware components such as network cards, and have it jump into the BIOS when necessary.

“If someone puts a single rogue firmware on your machine, he basically owns you forever,” Brossard told an audience of fellow hackers and computer security professionals at Black Hat.

When a PC with Rakshasa installed is switched on, the software looks for an Internet connection to fetch the small amount of code it needs to compromise the computer. If Rakshasa can’t get an Internet connection, it can’t operate.

The design makes Rakshasa extra stealthy. “For a nation-state-quality back door, think Flame or Stuxnet, we want plausible deniability,” explained Brossard, referring to malware that experts believe was created by government-sponsored hackers. “If you fetch over the Internet every time, we don’t leave a trace on the file system.”

The code Rakshasa fetches is used to disable a series of security controls that limit what changes low-level code can make to the high-level operating system and memory of a computer. Then, as the computer’s operating system is booted up, Rakshasa uses the powers it has granted itself to inject code into key parts of the operating system. Such code can be used to disable user controls, or steal passwords and other data to send back to the person controlling Rakshasa.

In an onstage demonstration at Black Hat, Brossard proved his idea works by having Rakshasa boot a computer with Windows 7 installed and override its password authentication. A person chosen from the audience was then able to use a randomly chosen password to log into the admin account. ...

Unfortunately, the BIOS is part of the TPM configuration, so if its firmware is backdoored then you don't have a trusted system any more:

Together with the BIOS, the TPM forms a ‘root of trust’: the TPM contains several PCRs (Platform Configuration Registers) that allow a secure storage and reporting of security relevant metrics. These metrics can be used to detect changes to previous configurations and derive decisions how to proceed. ... Therefore the BIOS and the Operating System have the primary responsibility to utilize the TPM to assure platform integrity. Only then can applications and users running on that platform rely on its security characteristics such as secure I/O "what you see is what you get", uncompromised keyboard entries, memory and storage operations.

The NSA slides and many attacks by LE/DHS/IC prey upon people who do not update Tor, or use it out of the RTFM recommendations.

This is not recommended for any security software. If you depend on it, patch it and RTFM, and use it according to recommendations.

When I was executive director of Tor (I'm not any more, not for many years, and I do not speak for the project), my personal observation was this: the people I personally liked, who were the people I joined the project to help -- journalists in hot spots, human rights workers, democracy activists and various folks who were behind firewalls in oppressive regimes working for reform? Those people got up in the morning, counted their fingers and toes, checked their dotted i's and crossed t's, RTFM -- they were disciplined because their lives and livelihoods might depend on it.

Child porn fans, drug dealers, various unsavory sorts who abused the network? Oddly, they often had impulse control issues. They would not RTFM. They would add Flash. They would use cookies. They would not bother to update. They would share personal information in clear text over chat channels.

They would get busted by LE, and people would scream, "kiddie porn dude gets busted in Germany using Tor" or something. /facepalm

How often would you hear, "Journalist gets busted in [random nasty country] using Tor" -- huh? Must be because they aren't using it. <brrrrrraaaaaap> Wrong answer.

So, yes, there is abuse on the network, and people like the NSA -- and Assad and everyone else -- go after all kinds of people good and bad who use the network. And some of the people who use the network are dumbasses and they might get caught.

But generally, honestly, I tended to sleep pretty well at night figuring that the people who were the sincere careful people tend to be the principled people in my experience. Yes, folks, I am a white hat.

And the really clever criminal nasty types would find a way to use botnets and VPNs and various other than Tor if Tor wasn't there -- and if they're using Tor, likely, they'll slip up and be dumbasses, and normal net forensics will get them in the end, because of their own neurochemistry.

In 2009, Google CEO/Chair Eric Schmidt said, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." I very much disagree with the man -- and it's funny to see him "shocked, I tell you, shocked!" to have the NSA hacking his network now. Heh. But regardless what I do think is, if you can't accept the risk profile, don't do risky things.

And I hope if you are using Tor, you are doing good things. But it's likely, in my experience, if you are doing bad things -- you'll be smart enough to do them elsewhere. For most purposes, for illicit activity, the big players should presumably use enterprise grade software unless, like Silk Road and other "retail-to-the-public" players, they need to do onesie-twosie business with strangers.

The bulk of organized crime on the net is never visible to the general public. It's only the retail that you'd ever see. And that's the incentive to abuse hidden services.

What the NSA documents show is that they go hunting on Tor for low hanging fruit -- dumbass incoming connections that are malconfigured, via MITM or something. I was never the project's security expert...